Yes, the following sentence should be part of every SNMPv3 FAQ:
The first sentence of the following quote is not correct, because the trap sender is authoritative. Thus, the engineID relevant for the authenticity is the engine ID of the sender (= authoritativeEngineID in UsmParameters of the SNMPv3 ScopedPDU). The second part about the need of incrementing the engineBoots counter on each restart (=reset of the egineTime) is true: